Chinese law enforcement agencies have revealed detailed techniques used to track, seize, and freeze cryptocurrency assets despite the country’s nationwide ban on virtual currencies. A new technical report published on June 4 in the journal Forensic Science and Technology provides an extensive overview of the forensic methods employed to identify and confiscate illicit virtual funds.
Cryptocurrencies such as Bitcoin and Ethereum have been prohibited as a form of currency in China since a 2021 government directive. Earlier this year, authorities intensified restrictions by targeting stablecoins and the tokenization of physical assets. Nevertheless, virtual currencies continue to be favored by criminals involved in scams, illegal gambling, and money laundering because transactions offer user anonymity and bypass central authority oversight.
The report, authored by Sun Shengbin of the Wenzhou Public Security Bureau, Lou Yandi of the Zhejiang Provincial Public Security Department’s Criminal Investigation Corps, and their colleagues, outlines the step-by-step process used in investigations. Central to these efforts is the challenge of accessing private keys, which are cryptographic codes needed to control cryptocurrency wallets.
Each cryptocurrency wallet is secured by a private key, a 64-digit alphanumeric code that is often represented as a mnemonic phrase of 12 to 24 common English words. These mnemonic phrases allow users to reconstruct the private key and thereby access funds. Investigators begin their work by analyzing confiscated physical devices—including smartphones, hard drives, and hardware wallets—to locate these phrases or keys.
Law enforcement uses specialized forensic software tools to scan entire disk contents, filter for relevant text patterns like sequences of English words, and validate findings to exclude meaningless data. For mobile devices, bespoke programs can extract potential key phrases hidden in messaging apps or notes, and even analyze text embedded within images such as screenshots.
The report highlights the distinct types of wallets investigators encounter: cold wallets, which are offline hardware devices that store private keys, and watch wallets, which are mobile applications that display balances but require a signature from an offline cold wallet to transfer funds. In cases where only a watch wallet is found, investigators continue searching for the corresponding cold wallet to gain control over the assets.
If investigators fail to find the necessary keys, they turn to blockchain analysis to trace cryptocurrency transactions on public ledgers. This process is complicated by smart contracts and other blockchain features that obfuscate fund flows through mechanisms such as cross-chain transfers, token swaps, and delegated authorizations, all designed to mask the trail.
The study offers unprecedented insight into the technical and procedural measures Chinese authorities deploy to enforce strict cryptocurrency regulations and disrupt illicit use of virtual assets despite the inherent challenges posed by blockchain technology’s complexity.
